package com.atlassian.jira.bc.group;

import com.atlassian.core.util.collection.EasyList;
import com.atlassian.crowd.embedded.api.CrowdService;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.OperationNotPermittedException;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.query.entity.GroupQuery;
import com.atlassian.crowd.search.query.entity.restriction.NullRestrictionImpl;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.jira.bc.JiraServiceContext;
import com.atlassian.jira.bc.group.GroupService;
import com.atlassian.jira.bc.projectroles.ProjectRoleService;
import com.atlassian.jira.config.properties.APKeys;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.exception.AddException;
import com.atlassian.jira.exception.PermissionException;
import com.atlassian.jira.exception.RemoveException;
import com.atlassian.jira.issue.comments.CommentManager;
import com.atlassian.jira.issue.security.IssueSecurityLevelManager;
import com.atlassian.jira.issue.subscription.SubscriptionManager;
import com.atlassian.jira.issue.worklog.WorklogManager;
import com.atlassian.jira.notification.NotificationSchemeManager;
import com.atlassian.jira.security.GlobalPermissionManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.Permissions;
import com.atlassian.jira.security.roles.actor.GroupRoleActorFactory;
import com.atlassian.jira.security.type.GroupDropdown;
import com.atlassian.jira.sharing.SharePermissionDeleteUtils;
import com.atlassian.jira.user.util.OSUserConverter;
import com.atlassian.jira.user.util.UserUtil;
import com.atlassian.jira.util.ErrorCollection;
import com.atlassian.jira.util.GlobalPermissionGroupAssociationUtil;
import com.atlassian.jira.util.I18nHelper;
import com.atlassian.jira.util.JiraContactHelper;
import com.atlassian.jira.util.SimpleErrorCollection;
import com.opensymphony.user.Group;
import com.opensymphony.user.User;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/jira/bc/group/DefaultGroupService.class */
public class DefaultGroupService implements GroupService {
    private static final Logger log = Logger.getLogger(DefaultGroupService.class);
    private final ApplicationProperties applicationProperties;
    private final GlobalPermissionManager globalPermissionManager;
    private final GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil;
    private final CommentManager commentManager;
    private final WorklogManager worklogManager;
    private final NotificationSchemeManager notificationSchemeManager;
    private final PermissionManager permissionManager;
    private final ProjectRoleService projectRoleService;
    private final IssueSecurityLevelManager issueSecurityLevelManager;
    private final UserUtil userUtil;
    private final SharePermissionDeleteUtils sharePermissionDeleteUtils;
    private final SubscriptionManager subscriptionManager;
    private final CrowdService crowdService;
    private final JiraContactHelper jiraContactHelper;
    private static final int MAX_REPORTABLE_ERRORS = 5;

    public DefaultGroupService(ApplicationProperties applicationProperties, GlobalPermissionManager globalPermissionManager, GlobalPermissionGroupAssociationUtil globalPermissionGroupAssociationUtil, CommentManager commentManager, WorklogManager worklogManager, NotificationSchemeManager notificationSchemeManager, PermissionManager permissionManager, ProjectRoleService projectRoleService, IssueSecurityLevelManager issueSecurityLevelManager, UserUtil userUtil, SharePermissionDeleteUtils sharePermissionDeleteUtils, SubscriptionManager subscriptionManager, CrowdService crowdService, JiraContactHelper jiraContactHelper) {
        this.applicationProperties = applicationProperties;
        this.globalPermissionManager = globalPermissionManager;
        this.globalPermissionGroupAssociationUtil = globalPermissionGroupAssociationUtil;
        this.commentManager = commentManager;
        this.worklogManager = worklogManager;
        this.notificationSchemeManager = notificationSchemeManager;
        this.permissionManager = permissionManager;
        this.projectRoleService = projectRoleService;
        this.issueSecurityLevelManager = issueSecurityLevelManager;
        this.userUtil = userUtil;
        this.sharePermissionDeleteUtils = sharePermissionDeleteUtils;
        this.subscriptionManager = subscriptionManager;
        this.crowdService = crowdService;
        this.jiraContactHelper = jiraContactHelper;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateDelete(JiraServiceContext jiraServiceContext, String str, String str2) {
        validateJiraServiceContext(jiraServiceContext);
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        if (isExternalUserManagementEnabled()) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.error.external.managment", getContactAdminLink(i18nBean)));
            return false;
        }
        if (isGroupNull(str)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.group.does.not.exist", str));
            return false;
        }
        if (areOnlyGroupsGrantingUserAdminPermissions(jiraServiceContext, EasyList.build(str)) || isAdminDeletingSysAdminGroup(jiraServiceContext, str)) {
            return false;
        }
        if (getCommentsAndWorklogsGuardedByGroupCount(str) > 0 && str2 == null) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.must.specify.group.to.move.comments"));
            return false;
        }
        if (str2 == null) {
            return true;
        }
        if (str2.equalsIgnoreCase(str)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.cannot.swap.to.group.deleting"));
            return false;
        }
        if (!isGroupNull(str2)) {
            return true;
        }
        errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.invalid.swap.group"));
        return false;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean delete(JiraServiceContext jiraServiceContext, String str, String str2) {
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        try {
            this.projectRoleService.removeAllRoleActorsByNameAndType(jiraServiceContext.getUser(), str, GroupRoleActorFactory.TYPE, (ErrorCollection) simpleErrorCollection);
            if (!simpleErrorCollection.hasAnyErrors()) {
                if (str2 != null) {
                    updateCommentsAndWorklogs(jiraServiceContext.getUser(), str, str2);
                }
                this.permissionManager.removeGroupPermissions(str);
                this.notificationSchemeManager.removeEntities(GroupDropdown.DESC, str);
                this.sharePermissionDeleteUtils.deleteGroupPermissions(str);
                Group group = getGroup(str);
                this.subscriptionManager.deleteSubscriptionsForGroup(group);
                removeGroup(group);
                clearIssueSecurityLevelCache();
                return true;
            }
        } catch (PermissionException e) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.permission.removing.group"));
            log.error("Exception trying to remove group: " + e, e);
        } catch (Exception e2) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.error.occurred.removing.group", e2.getMessage()));
            log.error("Exception trying to remove group: " + e2, e2);
        }
        jiraServiceContext.getErrorCollection().addErrorCollection(simpleErrorCollection);
        return false;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateAddUserToGroup(JiraServiceContext jiraServiceContext, Collection collection, String str) {
        return validateAddUsersToGroup(jiraServiceContext, collection, EasyList.build(str)).isSuccess();
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public GroupService.BulkEditGroupValidationResult validateAddUsersToGroup(JiraServiceContext jiraServiceContext, Collection collection, Collection collection2) {
        validateJiraServiceContext(jiraServiceContext);
        if (collection == null) {
            throw new IllegalArgumentException("You must specify non null groupsToJoin.");
        }
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return new GroupService.BulkEditGroupValidationResult(false);
        }
        if (!validateGroupNamesExist(collection, errorCollection, i18nBean)) {
            return new GroupService.BulkEditGroupValidationResult(false);
        }
        if (isExternalUserManagementEnabled()) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.cannot.edit.user.groups.external.managment", getContactAdminLink(i18nBean)));
            return new GroupService.BulkEditGroupValidationResult(false);
        }
        boolean z = true;
        ArrayList arrayList = new ArrayList();
        Iterator it = collection2.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            User user = getUser(str);
            if (isUserNull(user)) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.adding.invalid.user", str));
                arrayList.add(str);
                z = false;
            } else if (!getGroupNamesUserCanSee(jiraServiceContext.getUser()).containsAll(collection)) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.errors.cannot.join.user.groups.not.visible"));
                z = false;
            } else if (!validateUserIsNotInSelectedGroups(jiraServiceContext, collection, user)) {
                arrayList.add(str);
                z = false;
            }
        }
        if (z && groupsHaveGlobalUsePermissions(collection) && !this.userUtil.canActivateUsers(collection2)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.edit.group.membership.exceeded.license.limit"));
            z = false;
            arrayList.addAll(collection2);
        }
        return new GroupService.BulkEditGroupValidationResult(arrayList, z);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public GroupService.BulkEditGroupValidationResult validateAddGroupsToGroup(JiraServiceContext jiraServiceContext, Collection collection, Collection collection2) {
        validateJiraServiceContext(jiraServiceContext);
        if (collection == null) {
            throw new IllegalArgumentException("You must specify non null groupsToJoin.");
        }
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return new GroupService.BulkEditGroupValidationResult(false);
        }
        if (validateGroupNamesExist(collection, errorCollection, i18nBean) && validateGroupNamesNotAdmin(collection, errorCollection, i18nBean)) {
            if (isExternalUserManagementEnabled()) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.cannot.edit.group.groups.external.managment", getContactAdminLink(i18nBean)));
                return new GroupService.BulkEditGroupValidationResult(false);
            }
            boolean z = true;
            ArrayList arrayList = new ArrayList();
            Iterator it = collection2.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                Group group = getGroup(str);
                if (group == null) {
                    errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.group.does.not.exist", str));
                    arrayList.add(str);
                    z = false;
                } else if (!validateGroupIsNotInSelectedGroups(jiraServiceContext, collection, group)) {
                    arrayList.add(str);
                    z = false;
                }
            }
            return new GroupService.BulkEditGroupValidationResult(arrayList, z);
        }
        return new GroupService.BulkEditGroupValidationResult(false);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean addUsersToGroups(JiraServiceContext jiraServiceContext, Collection<String> collection, Collection<String> collection2) {
        if (collection == null) {
            throw new IllegalArgumentException("You must specify non null groupsToJoin.");
        }
        if (collection2 == null) {
            throw new IllegalArgumentException("You must specify non null userNames.");
        }
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        if (!getGroupNamesUserCanSee(jiraServiceContext.getUser()).containsAll(collection)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.join.user.groups.not.visible"));
            return false;
        }
        int i = 0;
        boolean z = true;
        for (String str : collection2) {
            for (com.atlassian.crowd.embedded.api.Group group : convertGroupNamesToGroups(collection)) {
                try {
                    this.userUtil.addUserToGroup(group, getUser(str));
                } catch (AddException e) {
                    if (i < 5) {
                        jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.join.user.groups.failed", str, group.getName(), e.getMessage()));
                        z = false;
                    }
                    i++;
                } catch (PermissionException e2) {
                    if (i < 5) {
                        jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.join.user.groups.no.permission", str, group.getName()));
                        z = false;
                    }
                    i++;
                }
            }
        }
        if (i >= 5) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.more.unreported.errors", String.valueOf((i - 5) + 1)));
        }
        return z;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean addGroupsToGroups(JiraServiceContext jiraServiceContext, Collection<String> collection, Collection<String> collection2) {
        if (collection == null) {
            throw new IllegalArgumentException("You must specify non null groupsToJoin.");
        }
        if (collection2 == null) {
            throw new IllegalArgumentException("You must specify non null childNames.");
        }
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        if (!getGroupNamesUserCanSee(jiraServiceContext.getUser()).containsAll(collection)) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.join.group.groups.not.visible"));
            return false;
        }
        int i = 0;
        boolean z = true;
        Iterator<String> it = collection2.iterator();
        while (it.hasNext()) {
            try {
                Group group = getGroup(it.next());
                Iterator<String> it2 = collection.iterator();
                while (it2.hasNext()) {
                    this.crowdService.addGroupToGroup(group, getGroup(it2.next()));
                }
            } catch (InvalidMembershipException e) {
                if (i < 5) {
                    jiraServiceContext.getErrorCollection().addErrorMessage(e.getMessage());
                    z = false;
                }
                i++;
            } catch (OperationNotPermittedException e2) {
                if (i < 5) {
                    jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.join.group.groups.no.permission"));
                    z = false;
                }
                i++;
            }
        }
        if (i >= 5) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.more.unreported.errors", String.valueOf((i - 5) + 1)));
        }
        return z;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateRemoveUserFromGroups(JiraServiceContext jiraServiceContext, List list, String str) {
        if (list == null) {
            throw new IllegalArgumentException("You must specify a non null groupsToLeave.");
        }
        GroupRemoveChildMapper groupRemoveChildMapper = new GroupRemoveChildMapper(list);
        groupRemoveChildMapper.register(str, list);
        return validateRemoveUsersFromGroups(jiraServiceContext, groupRemoveChildMapper);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateRemoveUsersFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveUserMapper groupRemoveUserMapper) {
        return validateRemoveUsersFromGroups(jiraServiceContext, (GroupRemoveChildMapper) groupRemoveUserMapper);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateRemoveUsersFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveChildMapper groupRemoveChildMapper) {
        validateJiraServiceContext(jiraServiceContext);
        if (groupRemoveChildMapper == null) {
            throw new IllegalArgumentException("You must specify a non null mapper.");
        }
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        if (isExternalUserManagementEnabled()) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.cannot.edit.user.groups.external.managment", getContactAdminLink(i18nBean)));
            return false;
        }
        boolean z = true;
        Iterator childIterator = groupRemoveChildMapper.childIterator();
        while (childIterator.hasNext()) {
            String str = (String) childIterator.next();
            User user = getUser(str);
            if (isUserNull(user)) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.removing.invalid.user", str));
                z = false;
            } else if (groupRemoveChildMapper.isRemoveFromAllSelected(str)) {
                z = validateCanRemoveUserFromGroups(jiraServiceContext, user, groupRemoveChildMapper.getDefaultGroupNames(), groupRemoveChildMapper.getDefaultGroupNames(), true);
            } else {
                Iterator groupsIterator = groupRemoveChildMapper.getGroupsIterator(str);
                while (groupsIterator.hasNext()) {
                    z &= validateCanRemoveUserFromGroups(jiraServiceContext, user, groupRemoveChildMapper.getDefaultGroupNames(), EasyList.build((String) groupsIterator.next()), false);
                }
            }
        }
        return z;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean validateRemoveGroupsFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveChildMapper groupRemoveChildMapper) {
        validateJiraServiceContext(jiraServiceContext);
        if (groupRemoveChildMapper == null) {
            throw new IllegalArgumentException("You must specify a non null mapper.");
        }
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        if (isExternalUserManagementEnabled()) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.cannot.edit.group.groups.external.managment", getContactAdminLink(i18nBean)));
            return false;
        }
        boolean z = true;
        Iterator childIterator = groupRemoveChildMapper.childIterator();
        while (childIterator.hasNext()) {
            String str = (String) childIterator.next();
            Group group = getGroup(str);
            if (group == null) {
                errorCollection.addErrorMessage(i18nBean.getText("admin.errors.groups.group.does.not.exist", str));
                z = false;
            } else if (groupRemoveChildMapper.isRemoveFromAllSelected(str)) {
                z = validateCanRemoveGroupFromGroups(jiraServiceContext, group, groupRemoveChildMapper.getDefaultGroupNames(), groupRemoveChildMapper.getDefaultGroupNames(), true);
            } else {
                Iterator groupsIterator = groupRemoveChildMapper.getGroupsIterator(str);
                while (groupsIterator.hasNext()) {
                    z &= validateCanRemoveGroupFromGroups(jiraServiceContext, group, groupRemoveChildMapper.getDefaultGroupNames(), EasyList.build((String) groupsIterator.next()), false);
                }
            }
        }
        return z;
    }

    private String getContactAdminLink(I18nHelper i18nHelper) {
        return this.jiraContactHelper.getAdministratorContactMessage(i18nHelper);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean removeUsersFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveUserMapper groupRemoveUserMapper) {
        return removeUsersFromGroups(jiraServiceContext, (GroupRemoveChildMapper) groupRemoveUserMapper);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean removeUsersFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveChildMapper groupRemoveChildMapper) {
        if (groupRemoveChildMapper == null) {
            throw new IllegalArgumentException("You must specify non null mapper.");
        }
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        int i = 0;
        boolean z = true;
        Iterator childIterator = groupRemoveChildMapper.childIterator();
        while (childIterator.hasNext()) {
            String str = (String) childIterator.next();
            Collection groups = groupRemoveChildMapper.getGroups(str);
            if (getGroupNamesUserCanSee(jiraServiceContext.getUser()).containsAll(groups)) {
                for (com.atlassian.crowd.embedded.api.Group group : convertGroupNamesToGroups(groups)) {
                    try {
                        this.userUtil.removeUserFromGroup(group, getUser(str));
                    } catch (PermissionException e) {
                        if (i < 5) {
                            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.leave.user.groups.no.permission", str, group.getName()));
                            z = false;
                        }
                        i++;
                    } catch (RemoveException e2) {
                        if (i < 5) {
                            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.leave.user.groups.failed", str, group.getName(), e2.getMessage()));
                            z = false;
                        }
                        i++;
                    }
                }
            } else {
                jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.leave.user.groups.not.visible"));
                z = false;
            }
        }
        if (i >= 5) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.more.unreported.errors", String.valueOf((i - 5) + 1)));
        }
        return z;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean removeGroupsFromGroups(JiraServiceContext jiraServiceContext, GroupRemoveChildMapper groupRemoveChildMapper) {
        if (groupRemoveChildMapper == null) {
            throw new IllegalArgumentException("You must specify non null mapper.");
        }
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (!userHasAdminPermission(jiraServiceContext.getUser())) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.must.be.admin"));
            return false;
        }
        boolean z = true;
        Iterator childIterator = groupRemoveChildMapper.childIterator();
        while (childIterator.hasNext()) {
            String str = (String) childIterator.next();
            Collection groups = groupRemoveChildMapper.getGroups(str);
            try {
                Group group = getGroup(str);
                Iterator it = groups.iterator();
                while (it.hasNext()) {
                    this.crowdService.removeGroupFromGroup(group, getGroup((String) it.next()));
                }
            } catch (OperationNotPermittedException e) {
                jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.cannot.leave.group.groups.no.permission"));
                z = false;
            }
        }
        return z;
    }

    boolean validateCanRemoveUserFromGroups(JiraServiceContext jiraServiceContext, User user, List list, List list2, boolean z) {
        User user2 = jiraServiceContext.getUser();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        if (!validateGroupNamesExist(list2, errorCollection, i18nBean)) {
            return false;
        }
        if (!z && list != null && !list.containsAll(list2)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.group.not.selected", user.getName(), (String) list2.get(0)));
            return false;
        }
        if (user2 != null && user2.equals(user) && areOnlyGroupsGrantingUserAdminPermissionsBulk(jiraServiceContext, list2)) {
            return false;
        }
        if (!getGroupNamesUserCanSee(user2).containsAll(list2)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.errors.cannot.leave.user.groups.not.visible"));
            return false;
        }
        if (isUserInGroups(user, new HashSet(list2))) {
            return true;
        }
        if (!z) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.not.member.of.group", user.getName(), (String) list2.get(0)));
            return false;
        }
        if (list2.size() == 1) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.not.member.of.group", user.getName(), (String) list2.get(0)));
            return false;
        }
        errorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.not.member.of.all", user.getName()));
        return false;
    }

    boolean validateCanRemoveGroupFromGroups(JiraServiceContext jiraServiceContext, Group group, List list, List list2, boolean z) {
        jiraServiceContext.getUser();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        ErrorCollection errorCollection = jiraServiceContext.getErrorCollection();
        if (!validateGroupNamesExist(list2, errorCollection, i18nBean)) {
            return false;
        }
        if (!z && list != null && !list.containsAll(list2)) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.group.not.selected", group.getName(), (String) list2.get(0)));
            return false;
        }
        if (isGroupInGroups(group, new HashSet(list2))) {
            return validateGroupNamesNotAdmin(list2, errorCollection, i18nBean);
        }
        if (!z) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.not.member.of.group", group.getName(), (String) list2.get(0)));
            return false;
        }
        if (list2.size() == 1) {
            errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.not.member.of.group", group.getName(), (String) list2.get(0)));
            return false;
        }
        errorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.not.member.of.all", group.getName()));
        return false;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public long getCommentsAndWorklogsGuardedByGroupCount(String str) {
        if (str == null) {
            throw new IllegalArgumentException("The provided group name must not be null.");
        }
        return this.worklogManager.getCountForWorklogsRestrictedByGroup(str) + this.commentManager.getCountForCommentsRestrictedByGroup(str);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean areOnlyGroupsGrantingUserAdminPermissions(JiraServiceContext jiraServiceContext, Collection collection) {
        return areOnlyGroupsGrantingUserAdminPermissions(jiraServiceContext, collection, "admin.errors.groups.cannot.delete.users.last.sys.admin.group", null, "admin.errors.groups.cannot.delete.users.last.admin.group", null);
    }

    boolean areOnlyGroupsGrantingUserAdminPermissionsBulk(JiraServiceContext jiraServiceContext, Collection collection) {
        User user = jiraServiceContext.getUser();
        return areOnlyGroupsGrantingUserAdminPermissions(jiraServiceContext, collection, "admin.errors.users.cannot.leave.sys.admin.groups", this.globalPermissionGroupAssociationUtil.getSysAdminMemberGroups(user), "admin.errors.users.cannot.leave.admin.groups", this.globalPermissionGroupAssociationUtil.getAdminMemberGroups(user));
    }

    boolean areOnlyGroupsGrantingUserAdminPermissions(JiraServiceContext jiraServiceContext, Collection collection, String str, Object obj, String str2, Object obj2) {
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (this.globalPermissionManager.hasPermission(44, jiraServiceContext.getUser())) {
            if (!this.globalPermissionGroupAssociationUtil.isRemovingAllMySysAdminGroups(collection, jiraServiceContext.getUser())) {
                return false;
            }
            if (obj == null) {
                jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText(str));
                return true;
            }
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText(str, obj));
            return true;
        }
        if (!this.globalPermissionGroupAssociationUtil.isRemovingAllMyAdminGroups(collection, jiraServiceContext.getUser())) {
            return false;
        }
        if (obj2 == null) {
            jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText(str2));
            return true;
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText(str2, obj2));
        return true;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public boolean isAdminDeletingSysAdminGroup(JiraServiceContext jiraServiceContext, String str) {
        validateJiraServiceContext(jiraServiceContext);
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        if (this.globalPermissionManager.hasPermission(44, jiraServiceContext.getUser()) || !this.globalPermissionManager.getGroupNames(44).contains(str)) {
            return false;
        }
        jiraServiceContext.getErrorCollection().addErrorMessage(i18nBean.getText("admin.errors.groups.error.no.permission.to.remove.group"));
        return true;
    }

    boolean userHasAdminPermission(User user) {
        return this.permissionManager.hasPermission(0, user);
    }

    boolean validateUserIsNotInSelectedGroups(JiraServiceContext jiraServiceContext, Collection collection, User user) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        Collection intersection = CollectionUtils.intersection(getUserGroups(user), collection);
        if (collection.size() == 1 && intersection.size() == 1) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.already.member.of.group", user.getName(), (String) intersection.iterator().next()));
        } else if (collection.size() == intersection.size()) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.bulkeditgroups.error.user.already.member.of.all", user.getName()));
        }
        if (!simpleErrorCollection.hasAnyErrors()) {
            return true;
        }
        jiraServiceContext.getErrorCollection().addErrorCollection(simpleErrorCollection);
        return false;
    }

    boolean validateGroupIsNotInSelectedGroups(JiraServiceContext jiraServiceContext, Collection collection, Group group) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        I18nHelper i18nBean = jiraServiceContext.getI18nBean();
        Collection intersection = CollectionUtils.intersection(getParentGroupNames(group), collection);
        if (collection.size() == 1 && intersection.size() == 1) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.already.member.of.group", group.getName(), (String) intersection.iterator().next()));
        } else if (collection.size() == intersection.size()) {
            simpleErrorCollection.addErrorMessage(i18nBean.getText("admin.editnestedgroups.error.group.already.member.of.all", group.getName()));
        }
        if (!simpleErrorCollection.hasAnyErrors()) {
            return true;
        }
        jiraServiceContext.getErrorCollection().addErrorCollection(simpleErrorCollection);
        return false;
    }

    boolean isUserInGroups(User user, Set set) {
        return CollectionUtils.intersection(new HashSet(getUserGroups(user)), set).size() == set.size();
    }

    boolean isGroupInGroups(Group group, Set set) {
        return CollectionUtils.intersection(getParentGroupNames(group), set).size() == set.size();
    }

    boolean isExternalUserManagementEnabled() {
        return this.applicationProperties.getOption(APKeys.JIRA_OPTION_USER_EXTERNALMGT);
    }

    boolean validateGroupNamesExist(Collection collection, ErrorCollection errorCollection, I18nHelper i18nHelper) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (isGroupNull(str)) {
                simpleErrorCollection.addErrorMessage(i18nHelper.getText("admin.errors.groups.group.does.not.exist", str));
            }
        }
        if (!simpleErrorCollection.hasAnyErrors()) {
            return true;
        }
        errorCollection.addErrorCollection(simpleErrorCollection);
        return false;
    }

    boolean validateGroupNamesNotAdmin(Collection collection, ErrorCollection errorCollection, I18nHelper i18nHelper) {
        SimpleErrorCollection simpleErrorCollection = new SimpleErrorCollection();
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.globalPermissionManager.getGroupNames(44));
        hashSet.addAll(this.globalPermissionManager.getGroupNames(0));
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (hashSet.contains(str)) {
                simpleErrorCollection.addErrorMessage(i18nHelper.getText("admin.editnestedgroups.error.admin.group.not.supported", str));
            }
        }
        if (!simpleErrorCollection.hasAnyErrors()) {
            return true;
        }
        errorCollection.addErrorCollection(simpleErrorCollection);
        return false;
    }

    void updateCommentsAndWorklogs(User user, String str, String str2) {
        this.commentManager.swapCommentGroupRestriction(str, str2);
        this.worklogManager.swapWorklogGroupRestriction(str, str2);
    }

    void clearIssueSecurityLevelCache() {
        try {
            this.issueSecurityLevelManager.clearUsersLevels();
        } catch (UnsupportedOperationException e) {
            log.debug("Unsupported operation was thrown when trying to clear the issue security level manager cache", e);
        }
    }

    List getGroupNamesUserCanSee(User user) {
        return this.globalPermissionGroupAssociationUtil.getGroupNamesModifiableByCurrentUser(user, getAllGroupNames());
    }

    void validateJiraServiceContext(JiraServiceContext jiraServiceContext) {
        if (jiraServiceContext == null) {
            throw new IllegalArgumentException("The JiraServiceContext must not be null.");
        }
        if (jiraServiceContext.getErrorCollection() == null) {
            throw new IllegalArgumentException("The error collection must not be null.");
        }
    }

    Collection<com.atlassian.crowd.embedded.api.Group> convertGroupNamesToGroups(Collection<String> collection) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(getGroup(it.next()));
        }
        return arrayList;
    }

    boolean groupsHaveGlobalUsePermissions(Collection collection) {
        HashSet hashSet = new HashSet();
        Iterator<Integer> it = Permissions.getUsePermissions().iterator();
        while (it.hasNext()) {
            hashSet.addAll(this.globalPermissionManager.getGroupNames(it.next().intValue()));
        }
        Iterator it2 = collection.iterator();
        while (it2.hasNext()) {
            if (hashSet.contains((String) it2.next())) {
                return true;
            }
        }
        return false;
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public Collection<String> getChildGroupNames(com.atlassian.crowd.embedded.api.Group group) {
        MembershipQuery returningAtMost = QueryBuilder.queryFor(com.atlassian.crowd.embedded.api.Group.class, EntityDescriptor.group()).childrenOf(EntityDescriptor.group()).withName(group.getName()).returningAtMost(-1);
        TreeSet treeSet = new TreeSet();
        for (com.atlassian.crowd.embedded.api.Group group2 : this.crowdService.search(returningAtMost)) {
            if (this.crowdService.isGroupDirectGroupMember(group2, group)) {
                treeSet.add(group2.getName());
            }
        }
        return Collections.unmodifiableSortedSet(treeSet);
    }

    @Override // com.atlassian.jira.bc.group.GroupService
    public Collection<String> getParentGroupNames(com.atlassian.crowd.embedded.api.Group group) {
        MembershipQuery returningAtMost = QueryBuilder.queryFor(com.atlassian.crowd.embedded.api.Group.class, EntityDescriptor.group()).parentsOf(EntityDescriptor.group()).withName(group.getName()).returningAtMost(-1);
        TreeSet treeSet = new TreeSet();
        for (com.atlassian.crowd.embedded.api.Group group2 : this.crowdService.search(returningAtMost)) {
            if (this.crowdService.isGroupDirectGroupMember(group, group2)) {
                treeSet.add(group2.getName());
            }
        }
        return Collections.unmodifiableSortedSet(treeSet);
    }

    boolean isUserInGroup(String str, User user) {
        return user.inGroup(str);
    }

    boolean isUserNull(User user) {
        return user == null;
    }

    List getAllGroupNames() {
        return new ArrayList(CollectionUtils.collect(getAllGroups(), GlobalPermissionGroupAssociationUtil.GROUP_TO_GROUPNAME));
    }

    List getUserGroups(User user) {
        return user.getGroups();
    }

    Collection getAllGroups() {
        return OSUserConverter.convertToOSGroups(this.crowdService.search(new GroupQuery(com.atlassian.crowd.embedded.api.Group.class, GroupType.GROUP, NullRestrictionImpl.INSTANCE, 0, -1)));
    }

    boolean isGroupNull(String str) {
        return str == null || getGroup(str) == null;
    }

    void removeGroup(Group group) throws PermissionException {
        try {
            this.crowdService.removeGroup(group);
        } catch (OperationNotPermittedException e) {
            throw new PermissionException((Exception) e);
        }
    }

    Group getGroup(String str) {
        return OSUserConverter.convertToOSGroup(this.crowdService.getGroup(str));
    }

    User getUser(String str) {
        return this.userUtil.getUser(str);
    }
}
